My1
<!doctype html>
<html lang="en">
<head>
<!--
inspired by Mozilla Webauthn documentation: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
copyright: 2019 Nicolas Mora <nicolas@babelouest.org>
license: MIT
-->
<title>Hmac-Secret webauthn Extension</title>
<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/cbor-js-unofficial@0.1.0-a4/cbor.min.js"></script>
@My1
My1 / dicekey-wordlist-14400.txt
Created February 16, 2021 00:30 — forked from atoponce/dicekey-wordlist-14400.txt
14,400 word list for the DiceKey
AB1N a
AB1E aah
AB1S abacus
AB1W abide
AB2N able
AB2E abroad
AB2S absurd
AB2W acadia
AB3N ace
AB3E aced
@My1
My1 / AuthyToOtherAuthenticator.md
Created January 8, 2021 15:52 — forked from gboudreau/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Generating Authy passwords on other authenticators


An increasing number of applications use Authy for two-factor authentication. However, many users who aren't using Authy have their own authenticator set up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions; however, I stumbled upon a gist by Brian Hartvigsen. His post included some neat code to generate QR codes for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this were not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the

@My1
My1 / blowuprks.php
Last active December 4, 2019 23:23
Depends on https://github.com/lbuchs/WebAuthn; place in .test. Do not use on a key you don't want to reset.
<?php
$dbhost="use";
$dbname="your";
$dbuser="own";
$dbpass="database";
$table="table";
function bin2uuid($bin) {
$uuidReadable = unpack("H*",$bin);
$uuidReadable = preg_replace("/([0-9a-f]{8})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{12})/", "$1-$2-$3-$4-$5", $uuidReadable);
@My1
My1 / minify.php
Created October 14, 2019 21:52 — forked from antxd/minify.php
A small PHP-Script for minifying CSS
<?php
// specify your css-files and their order here
$cssFiles = array(
'normalize.css', 'style.css', 'print.css', 'colorbox.css'
);
// the file to write the compressed css to
$minFileName = 'minified.css';
// thats all, just call this file in your browser and it will
// build you a minimized css-file. then just link to this single
/*!
Written by My1 (github.com/My1, twitter.com/My1xT, blog.my1.tech)
you can use, modify, share, etc. this little piece of code but please keep this comment. (basically a CC-BY)
*/
body, td, input, textarea, select { /* force fonts */
font-family: arial, sans-serif;
}

Keybase proof

I hereby claim:

  • I am My1 on github.
  • I am my1 (https://keybase.io/my1) on keybase.
  • I have a public key whose fingerprint is 5BE1 825C 1ECD 3A6F 8222 956C 9A1B 0068 DA1C 4748

To claim this, I am signing this object:

@My1
My1 / gist:615843f53ff4fb6d2573
Created March 7, 2016 13:47
message about selfsigned certs
wait a sec I have to intervene. Firefox just shows a warning page but when you trust, the lock turns green and everything is nice. Chrome instead makes it red and slashes out the https.
the problem is really that users need to be aware of a possible false sense of security and I think that users shouldn't carelessly connect to a self signed cert (unless it is DANE'd)
while with unencrypted the user sees "okay it's not encrypted, better be careful", but many people get a false sense of security from the lock (the reason why FF4-13 removed the lock, which was quite an interesting idea in my opinion).
I would maybe instead of crossing the lock, throw a question mark next to it (as in the fact that the real identity of the key is unknown)
throwing that intermediate page should maybe be a little bit more neutral, similar to ssh connection dialogs, but then SSHing people usually have a bit more knowledge than the average user.